


Threat Center Features Introduced in 2025

March 2025

The following features were introduced in Threat Center in March 2025:

Feature

Description

Threat Center Exabeam Nova Enhancement

If you have a license that includes Advanced Analytics, Exabeam Nova Analyst Assistant and Exabeam Nova Threat Summary now have a better understanding of a case or alert, considering the 50 most recently grouped detections when generating a response.[a]

Created Column

To ensure you're investigating the right case or alert, you can now view, under the Created column, the date and time a case or alert was created and the time elapsed since it was created.

A case in the case list with the Created column highlighted with a red rectangle.

Queue and Assignee Columns

To support sorting by queue and assignee, cases now have separate queue and assignee columns.

A case in the case list with the Queue and Assignee columns highlighted with a red rectangle.

Sorting Enhancements

To help you quickly find a case or alert, you can now sort cases and alerts by three additional columns: Grouped By, Stage, Queue, and Assignee.

Filters

To view only certain kinds of cases or alerts, you can now filter cases and alerts.

For cases, you can filter by priority, grouped by value, stage, queue, and assignee.

Filters available for cases.

For alerts, you can filter by priority and grouped by value.

Filters available for alerts.

Increased Notes Character Limit

To ensure you can communicate everything you want with case notes, you can now add up to 4,000 characters in a single note.

Threat Center notes with the character limit highlighted in a red rectangle.

Threat Timeline Rule Name Enhancement

To better discern the type of rule associated with a detection, you can now see the full name of the rule type in the Threat Timeline.

An analytics rule associated with a detection in the Threat Timeline with Analytics Rule highlighted in a red rectangle.
A correlation rule associated with a detection in the Threat Timeline with Correlation Rule highlighted in a red rectangle.
An Advanced Analytics rule associated with a detection in the Threat Timeline with Advanced Analytics highlighted in a red rectangle.

[a] This tool is designed to condense security event data into easy-to-understand language, focusing on important security details. It can also answer follow-up questions and discuss security tech topics, but its accuracy might vary outside these areas. Always double-check responses for crucial decisions. Your queries and data will only be retained temporarily and won't be used for AI training. Exabeam is actively improving this tool and welcomes feedback.

February 2025

The following features were introduced in Threat Center in February 2025:

Feature

Description

Case ID Enhancement

To ensure all cases have a human-readable identifier to which you can refer, all cases are now automatically assigned a unique number as the case ID.

You can view the case ID in the list of cases, in a case, emails sent from the case, and webhook notifications sent from the case. You can also search for a case using its case ID.

Case IDs for existing cases remain the same and won't have new case IDs retroactively assigned to them.

Entity Attribute Enhancements

If a case or alert contains detections grouped by entity, you can now learn more about the entity and view the entity attributes directly in Threat Center:

  • In the case or alert Overview tab, under Grouped By, click View Details to view the entity attributes.

    The Grouped By section of the Overview tab showing source device entity desktop-lp0294.
  • In the list of cases or alerts, under the GROUPED BY column, click the entity to view the entity attributes.

    A case in the list with the associated entity highlighted in a red rectangle.

New Region Support for the UK

Support for Threat Center now extends to the UK region. You can now access and use Threat Center in the UK.

January 2025

The following features were introduced in Threat Center in January 2025:

Feature

Description

Analytics Rules Detections

If you have a New-Scale Security Operations Portfolio license, you can now investigate triggered analytics rules in Threat Center as detections.

An analytics rule in the threat timeline.

Risk Score Calculation with Behavioral Analytics

With Threat Detection Management on the New-Scale Security Operations platform, risk score calculations for alerts and cases are now based on behavioral analytics insights and more accurately reflect real risk. The analytics engine assigns detections a rarity score depending on how often Threat Detection Management rules trigger in your environment. Case and alert risk scores are calculated using a combination of detection rarity scores and certain confidence factors.

Automation Management in Threat Center

Threat Center is now more deeply integrated with Automation Management. You can now:

  • Manually run a playbook or action on a specific case or alert.

  • View a history of Automation Management tools you've run on a specific case or alert in dedicated experiences, separate from the case or alert history.

    In the Overview tab under Automation, view the five most recently run playbooks and actions:


    Under the Automation tab, view the full history of all playbooks and actions run on a case or alert:

    The automation history in a case.

    The Automation tab is available with an add-on to a New-Scale Security Operations portfolio license.

Manual Case Creation

You can now manually create a case from scratch, without associating it with an alert.


Copilot Case Names

You can now better understand what a case represents and quickly decide which case to work on with AI-generated case names. Only cases converted from an alert have AI-generated case names.

Enhanced Entity Display

Entities are now displayed more intuitively. User entities are shown as their full name or email address. If neither is available, user entities are shown as their username. Device entities are shown as their host name.

Device Entity Details

To better understand a device entity in the context of a case or alert, you can now view entity device details from Attack Surface Insights directly in Threat Center.

User Entity Search

To focus your investigation on a specific user entity, you can now search for cases and alerts whose detections are grouped by a specific user entity.

When you build a search, you can now navigate to the Entities tab to search for a user entity by their full name or known account, like username or email.

The Entities tab when you build a search in Threat Center.

Scope Column

When you view the list of cases and alerts, you can now quickly identify the number of objects associated with a case or alert with a new SCOPE column.


Under the SCOPE column, you can view the number of:

  • Rules

  • Users

  • Endpoints

  • MITRE ATT&CK® tactics and techniques

  • Use cases

To view the definition of an object, hover over the object count.


Open Investigation Timeline Enhancements

To investigate the most pertinent events related to a case or alert in Search, you can now click Open Investigation Timeline in a case or alert to automatically navigate to events in Search that have an assigned risk score.